The Biggest Cybersecurity Attacks of 2018: Interactive Map

Without algorithmic assistance, it would be impossible to collate them all. Needless to say, there are also many that remain unreported or undetected, meaning the real picture is much more disconcerting.

To give a sense of the threat posed by cyberattacks, we’ve brought together a selection of significant cybersecurity attacks and data breaches that have unfolded in 2018.

They are notable for a variety of reasons. These include the scope of losses – both financial and reputational – as well as the size of the company, the type and amount of data and the cases that generated wider public interest.

Despite Western media tending to focus on companies within its geographical remit, we’ve tried to reflect the global threat of cyberattacks by showing threats around the world.

And due to many breaches taking a while to discover – in some cases years – we have shown breaches in the order that they were reported to the media.

January

Aadhaar database breach

India’s database containing the identity numbers, demographics and biometrics of 1.1 billion citizens is one of the largest databases on the planet.

This year it has been plagued by vulnerabilities.

An investigation by The Tribune found in January that Rs500 (around £5) gets you access to the details of anyone on the Aadhaar database.

Reported: 3 January

Occurred: 3 January

Damage: Difficult to put a number on accessed data, but multiple security flaws found throughout the rest of the year have eroded trust in the system

Method: Anonymous sellers offered access to personal details of 1.1bn people over WhatsApp

Culprit: Vulnerability exploit

Location: India

Coincheck crypto heist

In the biggest crypto theft in history – and one of the largest heists in history – hackers made off with around $500m in cryptocurrency.

Norwegian health authority hack

Almost half of Norway’s population had their healthcare data stolen after hackers breached the systems of Health South-East Regional Health Authority.

Reported: 18 January

Occurred: 15 January

Damage: Nearly 3 million patients’ data compromised, including those in government and secret services

Method: Unknown but highly advanced

Culprit: “Advanced and professional” hackers, possibly foreign state

Location: Norway

February

Sacramento Bee ransomware attack

The local California newspaper fell victim to a ransomware attack in which more than 19 million voter records were exposed online, including names, addresses, email and phone numbers. The Bee opted not to pay the ransom and deleted the databases to eliminate future risk.

Reported: 7 February

Occurred: Late January 2018

Damage: 19.5 million California voter records compromised

Method: Firewall lowered during maintenance was not restored, resulting in ransomware attack. The Bee deleted its database and didn’t pay ransom

Culprit: Unknown

Location: California, US

Colorado Department of Transportation ransomware

Colorado’s Department of Transportation suffered a crippling attack from the notorious SamSam ransomware that targets city infrastructure. While critical systems were unaffected, the fallout was far-reaching – and expensive.

City of Atlanta held hostage by infrastructure attack

A crippling attack on the city of Atlanta turned into the largest successful breach for a major US city after ransomware put government computers down for five days.

Reported: 22 March

Occurred: 22 March

Damage: Many legal documents and video files permanently deleted. $2.7m in fees to cybersecurity contractors to repair damage. Unknown if the city paid the $51,000 demanded by hackers. Residents were temporarily forced to pay their bills and submit forms by paper

Method: SamSam ransomware

Culprit: Unknown, but believed to be same group as Colorado attack.

Location: Atlanta, US

April

Sears and Delta Air Lines data breach

Online chat provider [24]7.ai, which provides its services to Delta and Sears, reported a data breach six months after it occurred. The breach exposed the customer payment details of hundreds of thousands of customers.

Reported: 4 April

Occurred: 26 – 12 October 2017

Damage: Customer payment information exposed. Other users of [24]7.ai such as Sears and Best Buy affected

Method: Malware attack on [24]7.ai

Culprit: Unknown

Location: Atlanta, US

Leominster school pays $10k in Bitcoin to unlock system

Hackers hit a school in Leominster with a ransomware attack that left its systems out of action for two weeks. While no sensitive staff or student information was accessed, the attack cost the school $10,000 in ransom to regain control.

Reported: 26 April

Occurred: 16 – 20 April

Damage: Systems down for two weeks. City paid $10k in Bitcoin to regain access to its files

Method: Ransomware

Culprit: Unknown. “Highly sophisticated”

Location: Leominster, Massachusetts, US

May

Meituan Dianping data breach

The Tencent-backed ecommerce giant suffered a leak that left tens of thousands of customer details exposed and sold online.

Reported: 03 May

Occurred: April 2018

Damage: Tens of thousands of names, addresses, phone numbers of its delivery customers sold online for 2 cents per item

Method: Leak

Culprit: Unknown

Location: China

Coca-Cola employee data stolen

Not all data thefts take place online, as evidenced by a former employee who was found in possession of a hard drive containing personal information on around 8,000 employees.

Coca-Cola released the details of the incident eight months after it occurred, following a full investigation.

Ticketmaster attack

Ticketmaster was alerted to fraudulent card activity by online bank Monzo. It later emerged that the breach was part of a wider credit card skimming operation affecting at least 800 e-commerce sites that targeted third party code suppliers.

July

Bancor breach

Bancor became the latest cryptocurrency exchange to suffer a theft, in which a total of $23.5m in cryptocurrency was stolen.

While the Swiss exchange managed to freeze some tokens and prevent the thief making off with more, Ethereum and other tokens could not be saved.

Reported: 13 July

Occurred: 9 July

Damage: $23.5m stolen in three different cryptocurrencies. Bancor froze tokens

Method: Hackers breached wallet used to upgrade user contracts

Culprit: Unknown hackers

Location: Switzerland

PIR Bank looted

Hackers believed to be part of the infamous MoneyTaker hacking group made off with nearly a million dollars after finding and exploiting tunnels in a router that gave direct access to the bank’s local network.

Reported: 19 July

Occurred: 3 July

Damage: $920,000 stolen

Method: Hackers exploited outdated router to channel funds to 17 accounts at major Russian banks before cashing out

Culprit: MoneyTaker hacking group

Location: Russia

August

Huazhu Hotels Group breach

Thought to be the largest data breach in China in half a decade, personal data and booking information from 13 hotels operated by the Huazhu Hotels Group ended up for sale on a Chinese dark web forum for 8 Bitcoins.

Reddit data breach

The social news aggregation site, which is known for providing users with anonymity, suffered a massive blow to its reputation after Reddit data from 2007 to 2009 was accessed via an exploit in its two-factor SMS authentication system.

September

British Airways hack

Magecart struck again in a particularly damaging attack, making off with payment details of nearly 400,000 customers. Around 250,000 of these customer details popped up for sale on the dark web for a total of £9.4m.

Midland ransomware attack

The small town of Midland, two hours north of Toronto, made headlines after cybercrooks infected its computer systems and locked out government workers. Vital systems were not affected, but the town of Midland paid an unspecified amount to hackers in Bitcoin to regain access.

Reported: 4 September

Occurred: 1 September

Damage: Temporary loss of systems and unknown Bitcoin payment

Method: Ransomware locked Midland out of its town systems

Culprit: Unknown hackers

Location: Midland, Canada

Facebook data breach

The social media giant, already struggling to convince the world that it can look after people’s data, suffered a huge setback after a vulnerability in its ‘View As’ feature exposed personal details of 50 million users.

Reported: 28 September

Damage: Almost 50 million accounts across the world compromised. Name, gender, hometowns. Facebook could yet face a GDPR fine

Method: Exploited vulnerability in ‘View As’ feature

Culprit: Unknown, FBI still investigating

Location: Menlo Park, California, United States

October

Attack on Organisation for Prohibition of Chemical Weapons

UK and Dutch officials pointed the finger at Russia for launching cyberattacks on the headquarters of the watchdog investigating the Salisbury Novichok poisoning, which were foiled by British and Dutch security services.

Reported: 4 October

Occurred: April 2018

Damage: Attack foiled

Method: Electronic WiFi hacking equipment discovered in suspect’s car

Culprit: Russia’s GRU

Location: The Hague, Netherlands

Google+

Google decided to cover up a bug in its social network discovered in March that exposed up to 500,000 users’ personal information, fearing “immediate regulatory interest”.

As a result, Google will wind down the service, with a final closure planned for August 2019.

Reported: 8 October

Occurred: March 2018

Damage: Up to 500,000 names, email address, occupation, gender and age accessed. Google+ shut down

Method: Bug in system that allowed external developers access to profile data

Culprit: Bug

Location: Mountain View, California, US

Centers for Medicare & Medicaid Services breach

Hackers took 75,000 individuals’ data from the government healthcare system, causing the center to shut down the Direct Enrollment system while it implemented new security measures.